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REMARKS 

Claims 1-21 are currently pending in the patent 
application. The Examiner has rejected Claims 1 and 17 
under 35 USC 112; has rejected Claims 1-4, 6, 10-14/ and 
17-19 under 35 USC 103 as unpatentable over the teachings of 
Killian; has rejected Claims 5, 7, 20, and 15 as 
unpatentable over Killian in view of Okanoya; has rejected 
Claims 8, 16, and 21 as unpatentable over Killian in view of 
Osterman; and, has rejected Claim 9 as unpatentable over 
Killian in view of Okanoya and Osterman. By this amendment. 
Applicants submit amendments to all of the independent 
claims. Claims 1, 10 and 17. For the reasons set forth 
below. Applicant respectfully asserts that the claims as 
amended are definite and patentable. 

With regard to the rejections of Claims 1 and 17 under 
35 USC 112, il^plicant has amended the language of the claims 
to address any antecedent basis concerns. With specific 
reference to the claim language. Applicant believes that the 
use of the phrase ^^the physical network address'' was 
appropriate, since it is inherent that an endpoint in a 
network has a physical network address. Nonetheless, 
Applicant has amended the language to provide antecedent 
basis. With regard to "the protocol request", and ^^the 
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application" the language has been changed in both Claim 1 
and Claim 17. Applicant believes that the amendments 
address the Examiner's concerns and respectfully requests 
withdrawal of the rejections under 35 USC 112. 

Applicant notes that the Examiner has interpreted «the 
application" to mean «at least one endpoint". As is clear 
from a reading of the Specification and claims, the present 
patent application is directed to a distributed network 
wherein an application (i.e., a program) can be executing on 
any of a plurality of devices which are located at any one 
of a plurality of locations. "The application" is not the 
endpoint, but is a program of instructions which may be 
executing at an endpoint or may be executing at another 
location. -The application" does not have a physical 
location address, while «the endpoint" does have a physical 
location address in the network. Accordingly, Applicant 
requests that the Examiner reconsider the interpretation, 
set forth on page 3 of the Office Action, and the rejections 
which are predicated on that interpretation. 

The present invention provides a system, program 
storage device, and method for performing steps for 
providing a protocol layer firewall for an endpoint in a 
distributed network comprising at least one server having at 
least an object request broker and a usage based firewall 

AU8920000830 _10- 
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manager and a plurality of computing locations each having 
at least one endpoint. The Method con^rises the steps of 
receiving a protocol request fron. an application at the 
server, the protocol request requesting a protocol-specific 
Application Action Object (AAO) from the server; decoding 
the endpoint to deterxaine a physical network address for the 
endpoint at which the application-requested firewall is 
needed; creating an AAO with the decoded information; 
registering the protocol request with the usage based 
firewall manager and obtaining a session number for the AAO; 
adding the session number to the AAO; and returning the AAO 
to the application to operate as a protocol-specific 
firewall at the endpoint. Applicant believes that the 
invention as claimed is patentably distinct from the cited 



art. 



The Killian patent is directed to a client-server 
architecture wherein client requests are directed to one 
so-called -spreader server" which then sends the requests to 
the appropriate servers for responding. The Killian client 
requests are requests for web pages or images and include 
URLs (Col. 3, lines 29-30). In response to receiving a 
client request from the spreader server, a responding server 
will send the requested data as well as a set of performance 
monitoring instructions to the client (Col. 3, lines 35-39). 
AUS920000e30 -11- 
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Based on the instructions, the client will send performance 
messages back to the server. The perforn^ance messages 
detail the time it is taking for downloading the requested 
data, the time for loading additional necessary components 
related to the data, or the time at which a user aborts the 
download (Col. 3, lines 47-62). The server then analyzes 
the performance messages to detect which entity is the 
source of the performance degradation (Col. 3, line 63-Col. 
4, line 19) . The server may react to the detected problem 
based on that analysis. For example, if it is determined 
that the client is the site of the performance problem for 
downloading an image, the server may resend the image with 
fewer bytes. 

Applicant respectfully asserts that the Killian patent 
does not teach or suggest the invention as claimed. With 
respect to the first claim feature, Applicant notes that the 
Killian patent handles client URL-based data or image 
requests. The Killian patent does not receive application 
protocol requests for protocol-specific Application Action 
Objects to act as firewalls. The data objects of Killian 
are not Application Action Objects which are created as 
protocol-specific firewalls in response to application 
requests for same. Rather, the Killian data objects are 
viewable web pages. 

AUS920000830 ..12- 
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With regard to the claim feature of "creating an AAo 
with said decoded (endpoint address) information", it is 
respectfully asserted that Killian simply creates an IP 
message with the requested data, the performance 
instructions, and the client's address. Killian has the 
client's address from the request. In contrast, under the 
present invention in a distributed network, the requesting 
application does not have a physical address. Rather, the 
application can be executing at one or a plurality of 
locations. Therefore, when an application request is 
received, the address of the endpoint for which the 
application is requesting the firewall must be determined. 
In contrast, as taught in Killian at Col. 8, lines 17-21, 
the client address is expressly found in the request. 

Furthermore, with regard to the claim feature of 
registering the protocol with a usage based firewall manager 
and obtaining a session number, J^plicant disagrees with the 
Examiner's interpretation of the cited Killian teachings. 
Killian details at Col. 9, lines 2-6, that a permanent 
cookie is set for a client, thereby enabling the server to 
track performance across multiple sessions. Such teachings 
clearly do not obviate the claim language; and, in fact, 
teach away from the claimed registering and obtaining a 

AUS920000830 _i3_ 
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session number for interactive firewall managen^ent by the 
usage based firewall manager. 

With regard to the claim feature of decoding the 
endpoint to determine the physical network address. 
Applicant respectfully notes that relaying a Url request 
With an express client's address to a backend server is not 
the same as or suggestive of decoding an endpoint in a 
distributed network based on an application protocol request 
received from an application that wishes to control what 
flows to the endpoint. Determining a client address from a 
client request, even if it required some decrypting, would 
not teach or suggest decoding an endpoint from an 
application request in a distributed network. 

With regard to the rejection of Claim 2, as well as 
Claims 12 and 18, Applicant notes that the cited Killian 
teachings from Col. 3, lines 34-40 describe performance 
monitoring of the time spent on various aspects of handling 
the client request. There is nothing in the cited teachings 
Which either teaches or suggests monitoring protocol usage 
at a location. Killian provides no discussion of protocol 
or of any protocol layer monitoring. Rather, Killian simply 
monitors the time at the application layer. 

With regard to the rejection of Claim 3, as well as 
Claim 13, Applicant notes that the cited teachings from 
AUS920000830 
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columns 8 and 9 of Killian describe that the client sends 
communications to the address of the spreader server and 
that permanent cookies are set for the client (see 
discussion above) . There is nothing in the cited passages 
which teaches or suggests monitoring protocol usage, let 
alone the very specific steps of an application executing an 
action on the AAO, routing the AAO to a responsible gateway, 
and the gateway reporting to the firewall manager. Killian 
does not monitor protocol usage, does not have a firewall 
manager, does not have an application execute an action on 
an object, does not route the object to a gateway, and does 
not have a gateway route the object to a firewall manager. 
Killian simply sends its performance messages (not the 
requested data objects, let alone AAOs as claimed) to the 
spreader server and the spreader server relays them to the 
responding server. 

With regard to Claim 4, and Claims 14 and 19, Applicant 
again disagrees with the Examiner. In the cited teachings 
from Columns 4 and 5, Killian determines whether a data 
object (e.g., an image) should be resent with fewer bytes in 
order for the requesting client to download it more readily 
or if different performance instructions should be sent. 
Killian is not teaching or suggesting that continued usage 
of a firewall be evaluated and/ or allowed. The Examiner has 

AUS920000830 _i5_ 
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Stated that «it is obvious .. .that continued usage of the 
performance monitoring instructions ... is determined." 
Applicant assert that the performance instructions do not 
constitute an AAO, or any suggestion thereof. Killian will 
modify the instructions and send new instructions to be 
executed by the client; but, such is not the same as 
determining if an AAO firewall object will continue to 
operate at a location. 

Regarding Claim 6, as well as 7, Applicant avers that 
the cited teachings from Col. 13, line 66-Col. 14, line 10 
simply describe a Killian client indicating whether a 
download has been completed. Such details do not teach or 
suggest ceasing usage of an AAO based on monitoring protocol 
usage and determining that continued usage of the AAO at the 
endpoint is not permissible. 

With regard to Claims 5, 7, 9, 15, and 20, the Examiner 
has additionally cited the Okanoya patent. The Examiner 
concluded that the Killian patent failed to explicitly 
disclose retrieving a stored maximum of requests for the 
protocol and application and the additional steps. 
Applicant relies on the above arguments regarding the 
teachings of Killian, including that no protocol monitoring 
is done. Moreover, Applicant believes that the addition of 
the Okanoya teachings to Killian do not result in the 

AUS920000830 ^ig- 
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invention as claimed, okanoya teaches obtaining the number 
Of current requests to a server and comparing that to a 
stored maximum nuit^er of server requests. okanoya is 
directed to load balancing across servers and uses the 
comparison to determine if load should be shifted. 
Applicant respectfully asserts that the result of modifying 
Klllian With Okanoya would be to provide load balancing at 
the spreader server, so that the load on each of the back 
end servers would be uniformly distributed. Applicant 
contends that one would not be motivated by the teachings to 
arrive at a system which tracks protocol requests and 
application requests at an endpoint and notifies an 
application if the numbers exceed stored maximums. if the 
numbers do exceed under the present invention, the AAO may 
be ceased at the endpoint and/or an alternative endpoint may 
be provided to the application. Clearly it would not be a 
logical extension of Killian and Okanoya to provide for load 
shifting off of a client based on performance monitoring, 
since shifting noad" (e.g., the downloading of a requested 
image which is resulting in decreased performance) from the 
requesting client site to a different client location would 
result in the requesting client not getting the data which 
was requested. Clearly such a modification of Killian, 
which renders Killian unworkable, would not be obvious. 

AUS920000B30 _i7_ 
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With regard to Claims 8, 9, 16 and 21, the Examiner has 
additionally cited the Osterman patent teachings. The 
Examiner cites Osterman' s teachings of identifying an 
alternative endpoint to a server against -identifying an 
alternative endpoint to the client." Applicant first 
asserts that the claims do not recite identifying an 
alternative endpoint to a client. Rather, they recite 
identifying an alternative endpoint to an application. 
Applicant reiterates that having a server send requested 
data to a different client would render Killian unworkable. 
Furthermore, Applicant contends that the Examiner's 
statement at the top of page 8 (and repeated elsewhere) 
concluding that it would have been obvious -to modify the 
teachings of Killian, in order to identify alternative 
endpoints in accessing the client. .. (allowing) the transport 
of messages through different endpoints" is incorrect. 
Endpoints in a network are not conduits for messages since 
they are, by definition, not intermediate nodes. Clearly 
therefore it would not be obvious to route messages to 
clients via endpoints. Moreover, the claims do not recite 
identifying alternative endpoints for accessing a client. 
The claims recite identifying alternative endpoints to an 
application based on a determination that an endpoint with a 
protocol-specific AAO firewall has received more than a 

AUS920000830 -is- 
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stored maximum of requests for the protocol and application. 

Clearly that claim language is not obviated by modifying 

Killian to have alternative paths to clients. 

Based on the foregoing amendments and remarks. 
Applicants respectfully request entry of the amendments, 
reconsideration of the amended claim language in light of 
the remarks, withdrawal of the rejections, and allowance of 
the claims. 

Respectfully submitted, 
L. Ullman 



By: "pjj^A^ 

Anne Vachon Dough 
Registration No. 
Tel. (914) 962- 
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